9 matches found
CVE-2025-49387
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through =...
CVE-2025-47492
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a...
CVE-2025-47492
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a...
CVE-2025-47492
CVE-2025-47492 is a path traversal vulnerability in the WordPress plugin Drag and Drop File Upload for Elementor Forms (versions up to 1.4.3). The root cause is improper limitation of a pathname to a restricted directory, enabling traversal to files outside the intended directory. Impact per sour...
Tenable Network Monitor Security Vulnerability
Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Holdings, Inc. in the United States, mainly used for security assessment of network devices. Tenable Network Monitor suffers from an elevation of privilege vulnerability that originates from a...
CVE-2022-34483
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
DOM-based Cross-site Scripting (XSS)
copyparty is vulnerable to DOM-based cross-site scripting. The vulnerability is due to improper handling of maliciously named files during drag-and-drop actions in the Web UI, allowing arbitrary JavaScript execution...
CVE-2025-24891
Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject...
PT-2024-27354 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress versions up to, and including, 1.3.7.7 Description: The issue allows unauthenticated attackers to extract sensitive data uploaded via the plugin through a form. This is...